A rogue app asking for PIN on the merchant facing screen ? not sure there's anything much we can do about that other than making sure we catch that during the review process. Whenever there is a need for the consumer PIN entry, it's driven by the second payment processor - not from the android side.
Should be able to prevent PIN information from getting accepted by any means other than your locked-down PIN entry screen. So, any app that wants to grab people's PIN entry would either require them to enter their PIN twice, or block the transaction from going through, which should be very visible.